Host-based backup of VMware vSphere VMs.
Post Reply
marius roma
Veteran
Posts: 459
Liked: 5 times
Joined: Feb 01, 2012 12:04 pm
Full Name: Mario
Contact:

Backup of an infected VM

Post by marius roma »

I realize that my question can sound crazy, but the problem is real.
Imagine a Windows Server SP2 VM infected by various kind of malware (including trojans).
I need to create a backup of the VM (powered up) in order to preserve the data contained in the infected VM itself before attempting to clean up the VM and remove the malware.
Is there any risk to compromise the other VMs managed by the same Veeam B&R server, the NAS used as target or the Veeam B&R server itself?
If so, how can I prevent such possible risks?
Regards
marius
Egor Yakovlev
Veeam Software
Posts: 2536
Liked: 680 times
Joined: Jun 14, 2013 9:30 am
Full Name: Egor Yakovlev
Location: Prague, Czech Republic
Contact:

Re: Backup of an infected VM

Post by Egor Yakovlev » 1 person likes this post

Hi Mario!

You have a valid question and it's not crazy at all!
- Backup is done at image level, thus we will read .vmdk file of said VM and infected guest OS will be unaware its being backed up. Check if Application-aware Image Processing is disabled in Backup Job "Guest Processing" step to make sure we will not communicate with said VM guest OS over network(yeah, backup will be crash-consistent, but 100% invisible to guest OS).
- Backup is processed and kept in a proprietary format, and trojans from within our compressed and deduplicated backup file will have no chance to infect said NAS server files.
- Note that Veeam has Secure Restore and Staged Restore functions that might assist with infected machine restore cases.

Hope that helps!
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Semrush [Bot] and 69 guests